Debian DSA-1183-1 : kernel-source-2.4.27 - several vulnerabilities
High Nessus Plugin ID 22725
SynopsisThe remote Debian host is missing a security-related update.
DescriptionSeveral security related problems have been discovered in the Linux kernel which may lead to a denial of service or even the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2005-4798 A buffer overflow in NFS readlink handling allows a malicious remote server to cause a denial of service.
- CVE-2006-2935 Diego Calleja Garcia discovered a buffer overflow in the DVD handling code that could be exploited by a specially crafted DVD USB storage device to execute arbitrary code.
- CVE-2006-1528 A bug in the SCSI driver allows a local user to cause a denial of service.
- CVE-2006-2444 Patrick McHardy discovered a bug in the SNMP NAT helper that allows remote attackers to cause a denial of service.
- CVE-2006-2446 A race condition in the socket buffer handling allows remote attackers to cause a denial of service.
- CVE-2006-3745 Wei Wang discovered a bug in the SCTP implementation that allows local users to cause a denial of service and possibly gain root privileges.
- CVE-2006-4535 David Miller reported a problem with the fix for CVE-2006-3745 that allows local users to crash the system via an SCTP socket with a certain SO_LINGER value.
The following matrix explains which kernel version for which architecture fixes the problem mentioned above :
stable (sarge) Source 2.4.27-10sarge4 Alpha architecture 2.4.27-10sarge4 ARM architecture 2.4.27-2sarge4 Intel IA-32 architecture 2.4.27-10sarge4 Intel IA-64 architecture 2.4.27-10sarge4 Motorola 680x0 architecture 2.4.27-3sarge4 MIPS architectures 2.4.27-10.sarge4.040815-1 PowerPC architecture 2.4.27-10sarge4 IBM S/390 2.4.27-2sarge4 Sun Sparc architecture 2.4.27-9sarge4 FAI 1.9.1sarge4 mindi-kernel 2.4.27-2sarge3 kernel-image-speakup-i386 2.4.27-1.1sarge3 systemimager 3.2.3-6sarge3
SolutionUpgrade the kernel package and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.